After seeing the magecart attacks at BA and Newegg I decided to try and build a solution: <a href="https://magehash.com" rel="nofollow">https://magehash.com</a>, unsure if it's useful yet, what do you think?<p>I'm thinking about integrating it in existing CI/CD workflows, to avoid false positives too
Not sure if this is what you're looking for, but subresource integrity perhaps?<p><a href="https://hacks.mozilla.org/2015/09/subresource-integrity-in-firefox-43/" rel="nofollow">https://hacks.mozilla.org/2015/09/subresource-integrity-in-f...</a>